From: Ingo Molnar <mingo@elte.hu>
To: Arjan van de Ven <arjan@infradead.org>
Cc: Andi Kleen <ak@suse.de>,
akpm@osdl.org, torvalds@osdl.org, linux-kernel@vger.kernel.org,
drepper@redhat.com
Subject: Re: [PROPOSAL/PATCH] Remove PT_GNU_STACK support before 2.6.11
Date: Sun, 6 Feb 2005 13:45:23 +0100 [thread overview]
Message-ID: <20050206124523.GA762@elte.hu> (raw)
In-Reply-To: <20050206120244.GA28061@elte.hu>
* Ingo Molnar <mingo@elte.hu> wrote:
> * Arjan van de Ven <arjan@infradead.org> wrote:
>
> > So I rather see the patch below merged instead; it fixes the worst
> > problems (RWE not marking the heap executable) while keeping this
> > useful feature enabled.
> >
> > Signed-off-by: Arjan van de Ven <arjan@infradead.org>
>
> looks good.
>
> Signed-off-by: Ingo Molnar <mingo@elte.hu>
tested it against BK-curr, on an NX-enabled x86 CPU, and it builds/boots
fine and works as expected. A PT_GNU_STACK RWE binary gets this layout:
saturn:~/noexec> cat /proc/2983/maps
00888000-0089d000 r-xp 00000000 03:41 3433999 /lib/ld-2.3.3.so
0089d000-0089f000 rwxp 00014000 03:41 3433999 /lib/ld-2.3.3.so
008a1000-009bf000 r-xp 00000000 03:41 3434007 /lib/tls/libc-2.3.3.so
009bf000-009c1000 r-xp 0011d000 03:41 3434007 /lib/tls/libc-2.3.3.so
009c1000-009c3000 rwxp 0011f000 03:41 3434007 /lib/tls/libc-2.3.3.so
009c3000-009c5000 rwxp 009c3000 00:00 0
08048000-08049000 r-xp 00000000 03:41 1046974 /home/mingo/noexec/test-stack
08049000-0804a000 rwxp 00000000 03:41 1046974 /home/mingo/noexec/test-stack
b7fe7000-b7fe8000 rwxp b7fe7000 00:00 0
bffeb000-c0000000 rwxp bffeb000 00:00 0
ffffe000-fffff000 ---p 00000000 00:00 0
i.e. all mappings are executable (i.e. READ_IMPLIES_EXEC effect) - the
intended change. (although i dont fully agree with PT_GNU_STACK being
about something else than the stack, from a security POV if the stack is
executable then all bets are off anyway. The heap and all mmaps being
executable too in that case makes little difference.)
Ingo
next prev parent reply other threads:[~2005-02-06 12:45 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-02-06 11:36 [PROPOSAL/PATCH] Remove PT_GNU_STACK support before 2.6.11 Andi Kleen
2005-02-06 11:47 ` Arjan van de Ven
2005-02-06 12:02 ` Ingo Molnar
2005-02-06 12:25 ` Ingo Molnar
2005-02-06 12:36 ` Andi Kleen
2005-02-06 12:45 ` Ingo Molnar [this message]
2005-02-06 12:50 ` Andi Kleen
2005-02-06 12:59 ` Arjan van de Ven
2005-02-06 13:01 ` Andi Kleen
2005-02-06 13:04 ` Arjan van de Ven
2005-02-06 13:09 ` Andi Kleen
2005-02-06 13:31 ` Ingo Molnar
2005-02-06 13:43 ` Andi Kleen
2005-02-06 13:06 ` Christoph Hellwig
2005-02-06 13:11 ` Andi Kleen
2005-02-06 13:32 ` Ingo Molnar
2005-02-06 13:46 ` Andi Kleen
2005-02-06 14:08 ` Ingo Molnar
2005-02-06 14:22 ` Ingo Molnar
2005-02-06 14:29 ` Andi Kleen
2005-02-06 17:08 ` Linus Torvalds
2005-02-06 17:13 ` Arjan van de Ven
2005-02-06 17:31 ` Linus Torvalds
2005-02-06 17:39 ` Arjan van de Ven
2005-02-06 18:04 ` Linus Torvalds
2005-02-06 18:08 ` Arjan van de Ven
2005-02-06 17:56 ` Andi Kleen
2005-02-06 12:33 ` Andi Kleen
2005-02-06 12:40 ` Arjan van de Ven
2005-02-06 12:48 ` Andi Kleen
2005-02-06 15:54 ` Andreas Schwab
2005-02-06 17:05 ` Linus Torvalds
2005-02-06 17:58 ` Andi Kleen
2005-02-06 12:11 ` Paweł Sikora
[not found] ` <200502061303.12377.pluto@pld-linux.org>
[not found] ` <20050206124701.GD30109@wotan.suse.de>
2005-02-06 18:07 ` Paweł Sikora
2005-02-06 18:38 ` Andi Kleen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20050206124523.GA762@elte.hu \
--to=mingo@elte.hu \
--cc=ak@suse.de \
--cc=akpm@osdl.org \
--cc=arjan@infradead.org \
--cc=drepper@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=torvalds@osdl.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox